Granted Warrant Allowed Feds To Force Everyone At Searched Residence To Unlock Devices With Their Fingerprints

from the hello-dystopia dept

Thomas Fox-Brewster of Forbes has dug up an unsealed memorandum in support of a federal search warrant demanding… all the fingerprints of every occupant in the searched residence.

FORBES found a court filing, dated May 9 2016, in which the Department of Justice sought to search a Lancaster, California, property. But there was a more remarkable aspect of the search, as pointed out in the memorandum: “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” The warrant was not available to the public, nor were other documents related to the case.

The memorandum goes on to point out that simply demanding fingerprints implicates neither the Fourth nor Fifth Amendments. But the additional permissions sought certainly do.

“While the government does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search, it has demonstrated probable cause that evidence may exist at the search location, and needs the ability to gain access to those devices and maintain that access to search them. For that reason, the warrant authorizes the seizure of ‘passwords, encryption keys, and other access devices that may be necessary to access the device,’” the document read.

Not only are the devices being seized, but so are any passwords, which does carry some implications, but not necessarily at the point of seizure. It's the refusal to turn over passwords or encryption keys in the face of a court order that can result in contempt charges, and it's still less-than-settled that access information has no testimonial value.

But even the seizure of these devices in hopes of searching them later (but securing fingerprints to unlock them first) is a Fourth Amendment problem if they're accessed in nearly any way during the unlocking process. One court found, post-Riley, that simply opening a flip phone constituted a search. In that context, forcing a finger onto the phone and viewing the screen's contents could be considered a search -- and a warrantless one at that.

Of course, the government cited plenty of cases to back up its seizure, detention of residents, and its taking of fingerprints -- most of them at least 30 years old.

It also cited Holt v. United States, a 1910 case, and United States v. Dionisio, a 1973 case, though it did point to more recent cases, including Virginia v. Baust, where the defendant was compelled to provide his fingerprint to unlock a device (though Baust did provide his biometric data, it failed to open the iPhone; after 48 hours of not using Touch ID or a reboot Apple asks for the code to be re-entered.).

As for the Fourth, the feds said protections against unreasonable searches did not stand up when “the taking of fingerprints is supported by reasonable suspicion,” citing 1985's Hayes v. Florida. Other cases, dated well before the advent of smartphones, were used to justify any brief detention that would arise from forcing someone to open their device with a fingerprint.

This is the reality of what the government is seeking: law enforcement officers detaining suspects and non-suspects alike and forcing them to apply their fingers to all locked devices on the premises. If this is the new normal for warrant service, it's time for the courts to step up and be a bit more aggressive in holding the government to particularity requirements.


Reader Comments

  • Anonymous Coward, 18 Oct 2016 @ 8:37am

    All your biometrics are belong to us.

  • Anonymous Coward, 18 Oct 2016 @ 8:44am

    And this is why all of my devices' fingerprint readers remain uninitialized.

    • JBDragon, 18 Oct 2016 @ 5:04pm

      Re:

      Power down your phone if you think the police are going to make a grab for it. Your fingerprint won't work once it boots up again. You have to enter the passcode first.

  • I.T. Guy, 18 Oct 2016 @ 9:00am

    "particularly describing the place to be searched, and the persons or things to be seized."

    They can't particularly describe unknown persons.

  • Christenson, 18 Oct 2016 @ 9:10am

    Searching a phone or a computer with someone's whole life on it isn't exactly a particular search.

  • Anonymous Coward, 18 Oct 2016 @ 9:24am

    Not only are the devices being seized, but so are any passwords, which does carry some implications, but not necessarily at the point of seizure.

    Not only do you contradict yourself, you and the dictionary disagree on terms.

    We we have another journalist write these articles that cares more about the Constitution than you? You are obviously willing to imply "some implications, but not necessarily at the point of" calling a spade a spade.

    At a fundamental level this is a bit insidious.

  • Anonymous Coward, 18 Oct 2016 @ 9:25am

    I don't remember my password. Lather, rinse, repeat.

    • Michael, 18 Oct 2016 @ 10:10am

      Re:

      Lather, rinse, and repeat in the prison shower room for contempt.

      • Anonymous Coward, 18 Oct 2016 @ 10:29am

        Re: Re: Contempt for warrants

        Contempt, as noted in the article, comes when the Court orders compliance and the subject fails to comply. This article is about a warrant wielded by a door-kicking SWAT team intent on property destruction, not a Court order. I have no doubt that the team would proceed to arrest anyone who did not comply, but I have some doubt that they would not arbitrarily arrest everyone at that location even if they did get full compliance. Once arrested, there would be an opportunity for the Court to issue a separate order, which could then lead to the contempt charge if not properly quashed.

      • Anonymous Coward, 18 Oct 2016 @ 11:45am

        Re: Re:

        Contempt for what? I can't help it if I have a bad memory.

        • That One Guy, 18 Oct 2016 @ 2:57pm

          Re: Re: Re:

          To which the judge simply has to respond with "I don't believe you, provide the password or rot in a cell until you remember."

          If the judge doesn't believe that you don't remember your password they don't have to prove that you did in fact forget it, you have to prove that you did, and since that's entirely based upon your word that you did...

          Isn't the legal system just grand?

          • Dave Cortright, 18 Oct 2016 @ 3:11pm

            Re: Re: Re: Re:

            Which is why having a deniable encryption password would be so valuable for all systems. Despite my previous strident comment about a GFY message, the real way to implement this is to silently delete everything while the system comes up and looks like it simply does not have any data on it. Bonus points for creating some innocuous data in there so it is plausibly the real thing. What can the judge do once the system is unlocked and shows nothing of interest?

            • Uriel-238, 18 Oct 2016 @ 4:14pm

              The current "false bottom" technology

              disguises the encrypted data as unused memory clusters, so there is no clear proof that you even have encrypted data at all.

              Or don't...which presents a problem.

              Frankly, as things are, a judge can just declare that you have contraband data and have effectively hidden it. Even if he claims that it's some secret cloud account.

              Which means, yeah, a judge could hold you for contempt for no actual reason with no actual evidence. You can try to invoke habeas corpus, but I don't think there is real proof they have except We have more guns than you. Or their court is backed by the power of force, not the power of law.

              Then off to jail you go for fourteen years. Longer, since it's hard to get out when you're forgotten.

          • Uriel-238, 18 Oct 2016 @ 4:09pm

            Longest contempt of court record...

            is 14 years, so far.

            So yeah, it's possible to be jailed for contempt for a long time.

          • Padpaw, 19 Oct 2016 @ 2:40am

            Re: Re: Re: Re:

            You are confusing kangaroo courts with law and order.

  • Ninja, 18 Oct 2016 @ 10:02am

    Biometric data is not suitable to be used as passwords/access keys. They can be one of the steps acting as an identifier but not the key.

    Ahem. That said, they'd get nothing by having my fingerprints and I would certainly forget my password at that point.

  • Darkhog, 18 Oct 2016 @ 10:05am

    Note to self:

    When FBI comes knocking, slice all your fingers with a scalpel so any fingerprints become useless for smart device unlocking.

    • Anonymous Coward, 18 Oct 2016 @ 10:30am

      Re: Note to self:

      Sure, but good luck getting all the fingers adequately sliced and getting the knife somewhere safe before they shoot you for "having a knife" that threatened officer safety.

    • nasch, 18 Oct 2016 @ 12:24pm

      Re: Note to self:

      Just turn your phone off (and make sure it's set to require a password at reboot).

    • Uriel-238, 18 Oct 2016 @ 2:21pm

      Save yourself the painful process

      They can photograph your sliced fingertips, edit out the scars and construct rubber fingers using 3D printing that works just fine.

      Or at least it did when the Apple biometric access tech was released.

    • JBDragon, 18 Oct 2016 @ 5:23pm

      Re: Note to self:

      Just turn off your phone! When they turn it back on, your fingerprint will no longer work until you enter the passcode that first time!!! You can touch it all you want and it won't do anything!!!

  • Quiet Lurcker, 18 Oct 2016 @ 10:40am

    @Tim Cushing:

    "...and it's still less-than-settled that access information has no testimonial value."

    Excuse me????

    That is a given fact, fundamental to the whole point of access information - or keys, or employee passes, or whatever else.

    Having a password, key, biometric access - pick what form/mode of unlocking anything you wish - is prima facie evidence that either or both of a) you are authorized by the owner to operate/control/gain access to/use whatever is behind the lock or access control device; or b) you are the owner (impliedly subsuming authorization to use/control, etc.) of whatever is behind the lock or access control device/mechanism/etc.

    To give just two obvious examples, possession of a key to a particular house implies that you do or may live at that address. Possession of a car key implies that you either are the owner of a car or are known to the owner of the car.

  • Stosh, 18 Oct 2016 @ 10:45am

    My password...umm, I don't recall it.

    Works for rich or politically connected Dems.

  • Padpaw, 18 Oct 2016 @ 10:58am

    The sooner Americans realize their government believes they have no constitutional rights the better. Though I am sure "It can't happen here" will protect them.

  • Anonymous Coward, 18 Oct 2016 @ 11:30am

    Welcome to Nazi USA!!

  • Dave Cortright, 18 Oct 2016 @ 12:18pm

    Dear Apple & Google: We need the "nuke it" fingerprint feature

    I'd be happy to provide a fingerprint as long as my phone/device has an unlock fingerprint trained, and a separate "nuke everything on my phone and pop up a big GFY message on the screen" fingerprint.

    Guess which one I will be providing to the feds?

  • nasch, 18 Oct 2016 @ 12:28pm

    Warrant

    "Thomas Fox-Brewster of Forbes has dug up an unsealed memorandum in support of a federal search warrant demanding… all the fingerprints of every occupant in the searched residence...

    In that context, forcing a finger onto the phone and viewing the screen's contents could be considered a search -- and a warrantless one at that."

    How would that be warrantless?

  • mb, 18 Oct 2016 @ 3:47pm

    Self Destruct Button

    For anyone particularly concerned about this, the solution is simply to have a task that runs every time after login that starts a self-destruct timer in the background. If you don't launch the kill-switch, or if the tether to your smartwatch isn't available, it nukes everything.

    • Uriel-238, 18 Oct 2016 @ 4:23pm

      Excellent for spies and terrorists.

      For the rest of us, I suspect our lifestyles of convenience won't account for a daily plug-in.

      Still, there are more tricks for hiding and encrypting data than there are for detecting it. I expect that eventually the courts will go full MiniPAX until people are filling our prisons on account of having suspected hidden data they won't reveal.

  • That Anonymous Coward, 18 Oct 2016 @ 5:12pm

    That's a spiffy list of rights we allegedly have... when do we actually get them?

  • VanTeknica, 18 Oct 2016 @ 8:04pm

    “authorization to depress the fingerprints and thumbprints..."

    It would have been too hilarious if everyone had used a toe, instead of a finger, for device access. ;-)
